CVE-2025-10193
Description
DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend sufficient time there for DNS rebinding to succeed.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-10193? +
How do I check if I'm vulnerable to CVE-2025-10193? +
Related Vulnerabilities
OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may …
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to …
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in …
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to …
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access …
Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service …